Author: Thomas J. Raef

We hear it all the time,
“What do hackers want with my little WordPress website?”
Or,
“How did they manage to find my WordPress website?”
We’ll address both of those issues here.
First, “What do hackers want with my WordPress website?”
The quick answer is: MONEY!!!
To which, you’ll probably respond with, “I don’t have an e-commerce website, so…”
Not to give cybercriminals any credit, but they know human behavior. They...

We just received a notification:
We are getting in touch to let you know about a stored XSS and a CSRF vulnerability in the Avada WordPress Theme versions prior to 5.1.5 (releases prior to April 4th, 2017).
This is a security release for all previous versions and we strongly encourage you to update immediately.
We have worked with ThemeFusion, the creators of Avada, to address this vulnerability, which...

I had been preparing this write-up for over a week now, but I see that SiteLock beat me to the punch in their blog.
As some of you know, we specialize in root cause analysis. I've built an incredible engine to analyze how websites were infected. Some of it is correlation analysis - matching the infection patterns and traffic to previously serviced websites.
Other times, it's just...

Google recently published a blog post stating that website infections were up 32% in 2016 compared to the previous year.
Some of you will be thinking,
“Yeah, you want to scare everyone into thinking they need your service.”
Nothing could be further from the truth.
I started this company to address the need of the market. Our focus is, and has always been, those website owners who don't have...

It seems like everyone likes to save money.
Oftentimes when it comes to hosting websites, that means you select shared hosting.
Shared hosting doesn't mean that you share the same file system as websites on other hosting accounts. It simply means you share the server.
We've been removing malware from websites since 2007 and during our time in this industry there have only been a couple...

There seems to be a renewed infection of websites based on WordPress, Joomla and other popular website platforms, with some malicious JavaScript that has been around for a while.
The code referred to starts with:
var _0xaae8=["","\x6A\x6F\x69\x6E"...

One of our customers recently received an email from their hosting provider. The hosting provider stated the hosting account had malicious website files. The customer forwarded it to us:
Dear CUSTOMER,
During a routine scan, the security team at HOSTING_PROVIDER
discovered infected files in your "customer name" account.
Typically, these security vulnerabilities are due to the presence of
an outdated application or script in your account.
You can view a list of...

I know I've ranted about this before, but I recently read this in an article about WordPress security:
Preventing Cross-Site Contamination
Shared hosting services are popular among businesses to host their WordPress blogs. Unfortunately, such shared services open the possibility of cross-site contamination. This is essentially a strategy that hackers use to attack a website by gaining access to another website in your shared server. One way...

You might imagine that finding and removing website malware is relatively straightforward, right?
Find malicious code and remove it.
Easy, right?
Most website malware removal services work on signatures. These signatures positively identify a string of text in your website files. This method is very fast.
The average WordPress website has about 1,900 files. This is regardless of how many posts you have (posts are stored in the database)....